Fail2Ban is an excellent tool to deal with this sort of thing.
On Mon, 19 Sep 2011 10:05:47 -0700, Rick Baartman wrote
> From my secure log:
>
> Sep 19 01:16:44 lin12 dovecot-auth: pam_unix(dovecot:auth): check pass; user unknown
> Sep 19 01:16:44 lin12 dovecot-auth: pam_unix(dovecot:auth): authentication failure; logname= uid=0 euid=0 tty=dovecot ruser= rhost=::ffff:64.31.19.48
> Sep 19 01:16:44 lin12 dovecot-auth: pam_succeed_if(dovecot:auth): error retrieving information about user aaron
> Sep 19 01:16:45 lin12 dovecot-auth: pam_unix(dovecot:auth): check pass; user unknown
> Sep 19 01:16:45 lin12 dovecot-auth: pam_unix(dovecot:auth): authentication failure; logname= uid=0 euid=0 tty=dovecot ruser= rhost=::ffff:64.31.19.48
> Sep 19 01:16:45 lin12 dovecot-auth: pam_succeed_if(dovecot:auth): error retrieving information about user abby
>
> etc. Literally, 30,000 user names attempted.
> --
> rick baartman
>
> TRIUMF
> 4004 Wesbrook Mall
> Vancouver, BC
> V6T2A3

------------------------------------
I've stopped trying to catch up, I'm just trying to limit the rate at which I'm falling behind
John Alexander
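The kind of check a log-watching tool applies to entries like the ones quoted above, as an added example that is not part of the original thread and is not Fail2Ban's own code: count `authentication failure` lines per `rhost` inside a sliding window and flag the source once a threshold is crossed. The names `max_retry` and `find_time`, their default values, and the sample addresses (documentation ranges) are assumptions made for illustration.

```python
import ipaddress
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample in the quoted log's format; documentation-range addresses.
_FAIL = ("Sep 19 {t} lin12 dovecot-auth: pam_unix(dovecot:auth): authentication "
         "failure; logname= uid=0 euid=0 tty=dovecot ruser= rhost={h}")
SAMPLE = [
    "Sep 19 01:16:44 lin12 dovecot-auth: pam_unix(dovecot:auth): check pass; user unknown",
    _FAIL.format(t="01:16:44", h="::ffff:192.0.2.10"),
    _FAIL.format(t="01:16:45", h="::ffff:192.0.2.10"),
    _FAIL.format(t="01:16:46", h="192.0.2.10"),      # same client, plain IPv4 form
    _FAIL.format(t="01:20:00", h="198.51.100.7"),    # slow source: hours apart
    _FAIL.format(t="03:00:00", h="198.51.100.7"),
    _FAIL.format(t="05:00:00", h="198.51.100.7"),
]

FAIL_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+ \d\d:\d\d:\d\d) \S+ dovecot-auth: "
    r"pam_unix\(dovecot:auth\): authentication failure;.*\brhost=(?P<rhost>\S+)")

def normalize(rhost):
    """Fold IPv4-mapped IPv6 (::ffff:a.b.c.d) into plain IPv4: one client, one key."""
    try:
        ip = ipaddress.ip_address(rhost)
    except ValueError:
        return rhost  # rhost can also be a hostname; keep it verbatim
    return str(getattr(ip, "ipv4_mapped", None) or ip)

def offenders(lines, max_retry=3, find_time=timedelta(minutes=10), year=2011):
    """Return {host: time the threshold was crossed}. Syslog omits the year, so pass it in."""
    recent, flagged = defaultdict(deque), {}
    for line in lines:
        m = FAIL_RE.match(line)
        if not m:
            continue  # "check pass; user unknown" and pam_succeed_if lines carry no rhost
        ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
        window = recent[normalize(m["rhost"])]
        window.append(ts)
        while ts - window[0] > find_time:  # drop failures older than the window
            window.popleft()
        if len(window) >= max_retry:
            flagged.setdefault(normalize(m["rhost"]), ts)
    return flagged

if __name__ == "__main__":
    for host, when in offenders(SAMPLE).items():
        print(f"{host} crossed the threshold at {when}")
```

Normalizing the address matters because the same client can be logged both as `::ffff:a.b.c.d` and as `a.b.c.d`; counted separately, each form could stay under the threshold.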